Android has a problem with malware. 2022 started strong, with more than 100 million users infected with malware that steals data through a spoofed screen, as well as the well-known fake SMS messages from BBVA and Santander, which attack via SMS and have also affected a good part of the Spanish population. Similarly, 2021 brought Flubot, a virus that managed to take complete control of the device.
There is one thing the latest malware attacks have in common: they abuse the Android accessibility permission to take control of the device.
The accessibility permission is a huge backdoor
When Flubot took control of, and data from, thousands of Android phones, I was struck by the mechanism it used: a simple Android permission. The accessibility service is, as its name suggests, a permission Android offers so that apps can control the system for users who have difficulties with vision, touch, hearing, etc.
If we accept this permission, the app can control our phone completely.
The problem arises when an app that has nothing to do with this purpose is granted this permission. Through it, the app has full control of the device: it can read and control the screen, perform actions at both the software and hardware level, and access call logs and SMS messages, intercepting them if it wishes. An app with this permission can even change its icon, hide itself in the launcher, and become invisible.
If we try to uninstall it, since it controls the screen, it can simply close Settings in our face with a tap that sends us back to the launcher. A permission that was born with good intentions ended up being used to control the device without the user's knowledge.
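As an added check that is not part of the original article: a small POSIX shell triage script that lists which apps currently hold the accessibility service permission on a connected Android device and flags any package not on an allowlist. It assumes adb is installed and the device is authorized; the allowlist contents and the sample package names in the comments are assumptions to adapt to your own environment.

```shell
#!/bin/sh
# Added example (not from the article): triage which apps hold the accessibility
# permission on an Android device, flagging any not on an allowlist.
# The setting "enabled_accessibility_services" is a colon-separated list of
# "package/ServiceClass" entries; it reads "null" when nothing is enabled.

# Known-good accessibility services (assumed allowlist, edit for your fleet).
ALLOWLIST="com.google.android.marvin.talkback com.android.settings"

# Print one line per enabled service: ALLOWED or SUSPECT, package, class.
classify_services() {
    value="$1"
    if [ -z "$value" ] || [ "$value" = "null" ]; then
        return 0
    fi
    printf '%s\n' "$value" | tr ':' '\n' | while IFS= read -r entry; do
        if [ -z "$entry" ]; then
            continue
        fi
        pkg=${entry%%/*}
        cls=${entry#*/}
        status=SUSPECT
        for ok in $ALLOWLIST; do
            if [ "$pkg" = "$ok" ]; then
                status=ALLOWED
            fi
        done
        printf '%s %s %s\n' "$status" "$pkg" "$cls"
    done
}

# Number of enabled services that are not on the allowlist.
count_suspect() {
    classify_services "$1" | grep -c '^SUSPECT' || true
}

# Live check against a connected device (requires adb); run with --live.
if [ "${1:-}" = "--live" ]; then
    enabled=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
    classify_services "$enabled"
    echo "suspect services: $(count_suspect "$enabled")"
fi
```

Any SUSPECT line deserves a look at the package's Play Store listing and the app's declared purpose; a banking, delivery or SMS app that registers an accessibility service is exactly the pattern described above.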
Systems like iOS have similar accessibility features at the operating-system level, but do not allow other apps to fully control the device. Now might be a good time to rethink this permission, because if a user accepts it, their phone is lost.
In the case of the recent banking malware attacks, analysts found an evolution of the Trojan that was distributed via the Google Play Store and abused this permission to steal users' banking details.